Parkin, S; Epili, S; (2015) A technique for using employee perception of security to support usability diagnostics. In: 2015 Workshop on Socio-Technical Aspects in Security and Trust (STAST). (pp. pp. 1-8). IEEE: Verona, Italy.

Preview

Text Parkin_A Technique for using Employee Perception of Security to Support Usability Diagnostics _2.pdf Download (462kB) | Preview

Abstract

Problems of unusable security in organisations are widespread, yet security managers tend not to listen to employees' views on how usable or beneficial security controls are for them in their roles. Here we provide a technique to drive management of security controls using end-user perceptions of security as supporting data. Perception is structured at the point of collection using Analytic Hierarchy Process techniques, where diagnostic rules filter user responses to direct remediation activities, based on recent research in the human factors of information security. The rules can guide user engagement, and support identification of candidate controls to maintain, remove, or learn from. The methodology was incorporated into a prototype dashboard tool, and a preliminary validation conducted through a walk-through consultation with a security manager in a large organisation. It was found that user feedback and suggestions would be useful if they can be structured for review, and that categorising responses would help when revisiting security policies and identifying problem controls.

Download activity - last month

Export as CSVXMLJSON

Download activity - last 12 months

Export as XMLCSVJSON

Downloads by country - last 12 months

Export as JSONCSVXML

Archive Staff Only

View Item